Safety analysis of wheel brake system based on STAMP/STPA and Monte Carlo simulation

doi:10.21629/JSEE.2018.06.20

Journal of Systems Engineering and Electronics ›› 2018, Vol. 29 ›› Issue (6): 1327-1339.doi: 10.21629/JSEE.2018.06.20

• Reliability • Previous Articles

Safety analysis of wheel brake system based on STAMP/STPA and Monte Carlo simulation

Jianbo HU¹(), Lei ZHENG^1,*(), Shukui XU²()

¹ Equipment Management and Unmanned Aerial Vehicle Engineering College, Air Force Engineering University, Xi'an 710051, China
² The 28th Research Institute of China Electronic Technology Group Corporation, Nanjing 210000, China

Received:2017-05-15 Online:2018-12-25 Published:2018-12-26
Contact: Lei ZHENG E-mail:jian_bo_h@163.com;zhenglei-happy@163.com;xskgfkd@163.com
About author:HU Jianbo was born in 1965. He received his B.S. and M.S. degrees from Engineering College, Air Force Engineering University, Xi'an, China, in 1987 and 1990 respectively, and Ph.D. degree from Northwestern Polytechnical University, Xi'an, China, in 1998. From 1998 to 2001, he did his postdoctoral research in Institute of Advanced Process Control, Zhejiang University. Now he is a professor in materiel management and safety engineering, Air Force Engineering University. His research interests include robust adaptive control, flight control system, variable structure control, and safety engineering. E-mail: jian_bo_h@163.com|ZHENG Lei was born in 1987. He received his B.S. and M.S. degrees from Air Force Logistic College in 2010 and 2012, and is currently pursuing his Ph.D. degree in control science and engineering major in materiel management and safety engineering, Air Force Engineering University. Now he is an engineer in Unit 31431 of the PLA. His research interests include airworthiness management, variable structure control, and safety engineering. E-mail: zhenglei-happy@163.com|XU Shukui was born in 1982. He received his M.S. and Ph.D. degrees in control science and engineering major from National University of Defense Technology in 2006 and 2011 respectively. Now he is an engineer in Unit 31431 of the PLA. His research interests include computational photography, computer vision and information fusion. E-mail: xskgfkd@163.com

Abstract

Abstract:

The wheel brake system safety is a complex problem which refers to its technical state, operating environment, human factors, etc., in aircraft landing taxiing process. Usually, professors consider system safety with traditional probability techniques based on the linear chain of events. However, it could not comprehensively analyze system safety problems, especially in operating environment, interaction of subsystems, and human factors. Thus, we consider system safety as a control problem based on the system-theoretic accident model, the processes (STAMP) model and the system theoretic process analysis (STPA) technique to compensate the deficiency of traditional techniques. Meanwhile, system safety simulation is considered as system control simulation, and Monte Carlo methods are used which consider the range of uncertain parameters and operation deviation to quantitatively study system safety influence factors in control simulation. Firstly, we construct the STAMP model and STPA feedback control loop of the wheel brake system based on the system functional requirement. Then four unsafe control actions are identified, and causes of them are analyzed. Finally, we construct the Monte Carlo simulation model to analyze different scenarios under disturbance. The results provide a basis for choosing corresponding process model variables in constructing the context table and show that appropriate brake strategies could prevent hazards in aircraft landing taxiing.

Key words: safety analysis, landing taxiing, system-theoretic accident model and processes (STAMP) model and system theoretic process analysis (STPA) (STAMP/STPA), feedback control loop, Monte Carlo simulation

Jianbo HU, Lei ZHENG, Shukui XU. Safety analysis of wheel brake system based on STAMP/STPA and Monte Carlo simulation[J]. Journal of Systems Engineering and Electronics, 2018, 29(6): 1327-1339.

Figures/Tables 16

Fig 1

Fig 2

Fig 3

Table 1

Table 2

Table 3

Table 4

Fig 4

Fig 5

Fig 6

Table 5

Fig 7

Fig 8

Fig 9

Fig 10

Fig 11

References 34

1	HEINRICH H W. Industrial accident prevention: a scientific approach. Industrial & Labor Relations Review, 1931, 4 (4): 609- 609.
2	PAKULA T. 'Domino' model of chain arrangement in bulk polymers. Polymer, 1987, 28 (8): 1293- 1297. doi: 10.1016/0032-3861(87)90440-X
3	COZZANI V, GUBINELLI G, ANTONIONI G, et al. The assessment of risk caused by domino effect in quantitative area risk analysis. Journal of Hazardous Materials, 2006, 127 (1-3): 14- 30.
4	KHAKZAD N. Application of dynamic Bayesian network to risk analysis of domino effects in chemical infrastructures. Reliability Engineering & System Safety, 2015, 138 (6): 263- 272.
5	REASON J, HOLLNAGEL E, PARIES J. Revisiting the "swiss cheese" model of accidents. Journal of Clinical Engineering, 2006, 27 (4): 110- 115.
6	HICKEY J, QI V E H. Effectiveness of accident models: system theoretic model vs. the Swiss cheese model: a case study of a US coast guard aviation mishap. International Journal of Risk Assessment & Management, 2013, 17 (1): 46- 68.
7	SURYOPUTRO M R, SARI A D, KURNIA R D. Preliminary study for modeling train accident in indonesia using swiss cheese model. Procedia Manufacturing, 2015, 3 (11): 3100- 3106.
8	HOLLNAGEL E, ÖRJAN G. The functional resonance accident model. Proc. of the International Symposium of the Australian Aviation Psychology Association, 2004: 155-161.
9	BELMONTE F, SCHÖN W, HEURLEY L, et al. Interdisciplinary safety analysis of complex socio-technological systems based on the functional resonance accident model: an application to railway traffic supervision. Reliability Engineering & System Safety, 2011, 96 (2): 237- 249.
10	CARVALHO P V R D. The use of functional resonance analysis method (FRAM) in a mid-air collision to understand some characteristics of the air traffic management system resilience. Reliability Engineering & System Safety, 2011, 96 (11): 1482- 1498.
11	YAO S. Applying system-theoretic accident model and processes (STAMP) to hazard analysis. Hamilton, Canada: Mcmaster University, 2012.
12	YUAN H. Network topology model and fault analysis for electrical control systems. London: Springer, 2012.
13	BUDDE S F. Modeling blowouts during drilling using STAMP and STPA. Trondheim, Norway: Norwegian University of Science and Technology, 2012.
14	HOEL F. Modeling process leaks offshore using STAMP and STPA. Trondheim, Norway: Norwegian University of Science and Technology, 2013.
15	YANG C. Software safety testing based on STPA. Procedia Engineering, 2014, 80 (9): 399- 406.
16	LU Y, ZHANG S G, TANG P, et al. STAMP-based safety control approach for flight testing of a low-cost unmanned subscale blended-wing-body demonstrator. Safety Science, 2015, 74 (4): 102- 113.
17	WILLIAMS A D. Beyond a series of security nets: applying STAMP & STPA to port security. Journal of Transportation Security, 2015, 8 (3/4): 139- 157.
18	ZHENG L, HU J B. Safety analysis of wheel brake system based on STAMP/STPA. http://www.cnki.net/kcms/detail/11.1929.V.20160606.1616.008.html. (in Chinese)
19	LEVESON N G. A new accident model for engineering safer systems. Safety Science, 2004, 42 (4): 237- 270. doi: 10.1016/S0925-7535(03)00047-X
20	LEVESON N G. Engineering a safer world: systems thinking applied to safety. Massachusetts: MIT Press, 2012.
21	THOMAS J. Extending and automating a systems-theoretic hazard analysis for requirements generation and analysis. Massachusetts, the United States: MIT, 2013.
22	FLEMING C H, LEVESON N G. Improving hazard analysis and certification of integrated modular avionics. Journal of Aerospace Information Systems, 2014, 11 (6): 397- 411. doi: 10.2514/1.I010164
23	XIU Z X. System safety design & assessment in civil aircraft. Shanghai: Shanghai Jiaotong University Press, 2013.
24	HU J B, ZHENG L. Functional control structure model for the complex systems and its application in system safety analysis. Journal of Measurements in Engineering, 2016, 4 (2): 70- 81.
25	VISSCHER I D, BRICTEUX L, WINCKELMANS G. Aircraft vortices in stably stratified and weakly turbulent atmospheres: simulation and modeling. AIAA Journal, 2015, 51 (3): 551- 566.
26	PRANDINI M, PIRODDI L, LYGEROS J. A two-step approach to aircraft conflict resolution combining optimal deterministic design with Monte Carlo stochastic optimization. Proc. of the IEEE Control Conference, 2015: 1824-1829.
27	ROMLI F, HARMIN M Y. Use of Monte Carlo method to estimate subsystem redesign risk for complex products: aircraft redesign case study. Aircraft Engineering & Aerospace Technology, 2015, 87 (6): 563- 570.
28	ZHANG J. Research on robust control allocation for the advanced configuration aircraft. Proc. of the 10th World Congress on Intelligent Control and Automation, 2012: 1722-1726.
29	ROBERT C P, CASELLA G. Monte Carlo statistical methods. New York: Springer, 2004.
30	KUANG Q, HUANG Y M. The robustness verification of control law based on Monte Carlo method. Journal of System Simulation, 2009, (S): 351- 354.
31	SHAKARIAN A. Application of Monte Carlo techniques to the 757/767 autoland dispersion analysis by simulation. Proc. of the Guidance and Control Conference, 1983: 1-2.
32	ZENG X X. Modeling and simulation of aircraft brake system. Changsha, China: Central South University, 2008. (in Chinese)
33	CHENG H. Design and simulation of aircraft anti-skid brake system controller. Changsha, China: Central South University, 2014. (in Chinese)
34	LIU W S. Transient thermal field simulation of aircraft wheel. Materials Science and Engineering of Powder Metallurgy, 2015, 20 (2): 168- 174.

Accident	Description
A-1	People injured or killed
A-2	Aircraft damage
A-3	Ground facilities damage

Hazard	Description	Related accident
H-1	Rush out off the runway	A-1, A-2
H-2	Collide with ground facilitiesHinder other aircraft and ground	A-1, A-2, A-3
H-3	facilities operation	A-1, A-2

Control action	Hazardous if control action not provided	Hazardous if control action provided	Hazardous if control action provided too early or too late	Hazardous if control action stopped too soon or applied too long
Brake	Does not provide manual braking when autobrake does not provide braking. (H-1)	Provide inadequate deceleration (manual or autobrake) during landing. (H-1)	Provide manual braking before touchdown, result in wheel lockup, loss of control, or tire burst. (H-2, H-3)	Manual braking applied too long, result in brake overheating or tire burst during landing. (H-2, H-3)
	——	Provide excessive manual braking, resultinbrakeoverheating or tire burst during landing. (H-2, H-3)	Provide braking too late, result in rushing out off the runway. (H-1)	Manual braking applied too long, result in stopping aircraft on runway, hinder other aircraft and ground facilities operation. (H-3)
	——	——	——	Manual braking applied too soon, result in rushing out off the runway. (H-1)

Row	1	2	3	4	5		6	7	8	9
Context							Hazard
Column	Control action	V	T	The speci?ed area	Other control actions		Hazardous if control action provided	Hazardous if control action not provided	Hazardous if control action provided too early	Hazardous if control action provided too late
Column	1	Brake	>V 0	>C 0	In	Adequate		H-1, H-2, H-3	H-1	H-2, H-3	H-1
2	>V 0		>C 0	In	Inadequate		H-1, H-2, H-3	H-1, H-2, H-3	H-1, H-2, H-3	H-1, H-2, H-3
3	>V 0		>C 0	out	Adequate		H-2, H-3	NO	H-2, H-3	NO
4	>V 0		>C 0	out	Inadequate		H-1, H-2, H-3	H-2, H-3	H-2, H-3	H-1, H-2, H-3
5	>V 0		≤C 0	In	Adequate		H-1	H-1	NO	H-1
6	>V 0		≤C 0	In	Inadequate		H-1, H-2, H-3	H-1, H-2, H-3	H-2, H-3	H-1, H-2, H-3
7	>V 0		≤C 0	out	Adequate		NO	NO	H-4	H-1
8	>V 0		≤C 0	out	Inadequate		H-2, H-3	H-2, H-3	H-2, H-3	H-1, H-2, H-3
9	≤V 0		>C 0	In	Adequate		H-2, H-3	NO	H-2, H-3	NO
10	≤V 0		>C 0	In	Inadequate		H-2, H-3	H-2, H-3	H-2, H-3	H-2, H-3
11	≤V 0		>C 0	out	Adequate		H-2, H-3	NO	H-2, H-3	NO
12	≤V 0		>C 0	out	Inadequate		H-2, H-3	H-2, H-3	H-2, H-3	NO
13	≤V 0		≤C 0	In	Adequate		NO	NO	NO	NO
14	≤V 0		≤C 0	In	Inadequate		H-2, H-3	H-2, H-3	H-2, H-3	H-2, H-3
15	≤V 0		≤C 0	out	Adequate		H-3	NO	H-3	NO
16	≤V 0		≤C 0	out	Inadequate		H-2, H-3	H-2, H-3	H-2, H-3	H-2, H-3

Parameter	Uncertain range/%
M	±3
H	±1.5
F	±20
C_x	±15
C_y	±20
C_m	±20
F_T	±20

Safety analysis of wheel brake system based on STAMP/STPA and Monte Carlo simulation

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

Share this article

Figures/Tables 16

References 34

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	Quan JIANG, Chunling ZHU, Siqi WANG. Qualitative analysis for state/event fault trees using formal model checking [J]. Journal of Systems Engineering and Electronics, 2019, 30(5): 959-973.
[2]	Junbao Geng, Michael Azarian, and Michael Pecht. Opportunistic maintenance for multi-component systems considering structural dependence and economic dependence [J]. Systems Engineering and Electronics, 2015, 26(3): 493-501.
[3]	Ali A. Ismail and Abdulhakim A. Al-Babtain. Planning failure-censored constant-stress partially accelerated life test [J]. Systems Engineering and Electronics, 2015, 26(3): 644-650.